13 matches found
Linux Distros Unpatched Vulnerability : CVE-2022-48285
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive. CVE-2022-48285 Note that Nessus relies on the presence of the package as...
Security Bulletin: IBM SPSS Analytic Server has addressed multiple security vulnerabilities (CVE-2022-48285, CVE-2022-48285)
Summary IBM SPSS Analytic Server has addressed multiple security vulnerabilities CVE-2022-48285, CVE-2022-48285 Vulnerability Details CVEID:CVE-2022-48285 DESCRIPTION: JSZip could allow a remote attacker to traverse directories on the system, caused by the failure to sanitize filenames when files...
Security Bulletin: Potential Directory Traversal Vulnerability in Apache Ant shipped with IBM Operations Analytics - Log Analysis (CVE-2022-48285)
Summary There is a potential directory traversal vulnerability via a crafted zip in Apache Ant Vulnerability Details CVEID:CVE-2022-48285 DESCRIPTION: JSZip could allow a remote attacker to traverse directories on the system, caused by the failure to sanitize filenames when files are loaded with...
CVE-2022-48285 affecting package mozjs60 60.9.0-11
CVE-2022-48285 affecting package mozjs60 60.9.0-11. A patched version of the package is available...
Oracle Primavera Unifier (Jul 2023 CPU)
The versions of Primavera Unifier installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2023 CPU advisory. - Security-in-Depth issue in the Primavera Unifier product of Oracle Construction and Engineering component: User Interface JSZip. This vulnerabilit...
Oracle Primavera Gateway (Jul 2023 CPU)
The versions of Primavera Gateway installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2023 CPU advisory. - Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering component: Admin Apache Commons Net. Supported versions that...
Security Bulletin: There is a vulnerability in JSZip used by IBM Maximo Asset Management (CVE-2022-48285)
Summary There is a vulnerability in JSZip used by IBM Maximo Asset Management. Vulnerability Details CVEID:CVE-2022-48285 DESCRIPTION: JSZip could allow a remote attacker to traverse directories on the system, caused by the failure to sanitize filenames when files are loaded with loadAsync, which...
Security Bulletin: JSZip publicly disclosed vulnerability affects IBM Safer Payments (CVE-2022-48285)
Summary JSZip is used by IBM Safer Payments as part of the user interface. This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2022-48285 DESCRIPTION: JSZip could allow a remote attacker to traverse directories on the system, caused by the failure to sanitize filenames when fil...
-temp-electron-manager-somiibo (=0.0.200), 003-gas-convert (=1.0.1) +20893 more potentially affected by CVE-2022-48285 via jszip (>=0.2.1 <=3.7.1)
jszip NPM version =0.2.1, =0.2.13, =1.0.0, =4.3.4, =1.0.0, =1.0.4 - 3llm =0.0.1 - 3vot-clay =2.0.1 - 4xx =0.0.1 - 5-ifc-check-cli =1.0.0 and more Source cves: CVE-2022-48285 Source advisory: OSV:GHSA-36FH-84J7-CV5H...
AZL-57076 CVE-2022-48285 affecting package beust-jcommander 2.0-1
loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive...
UBUNTU-CVE-2022-48285
loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive...
CVE-2022-48285
loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive...
CVE-2022-48285
CVE-2022-48285 affects JSZip: the loadAsync function in JSZip before 3.8.0 can be exploited to perform a directory traversal via crafted ZIP archives, enabling access to files outside the target directory. Remediation: upgrade to JSZip 3.8.0 or later, which fixes the issue.